On 09/12/2013 01:59 PM, Ana Krivokapic wrote: > Hello, > > The design document for $SUBJECT can be found at: > http://www.freeipa.org/page/V3/Automember_rebuild_membership > > Related tickets: > https://fedorahosted.org/freeipa/ticket/3752 > https://fedorahosted.org/freeipa/ticket/3928 > > Thoughts, comments, questions welcome. > The names for commands are a bit long. I am not sure we need all the commands.
$ ipa automember-rebuild-membership --type=group I do not understand why type is "group". If you say that all the user group memberships will be rebuilt then the type is "user". But then you can really not have the command at all and use just: ipa user-automembership and ipa host-automembership If in future we have other objects we would add another command for those objects. so ipa user-automembership --update will update group memberships for all users, or may be it should be ipa user-automembership --update * (I do not know what are the rules in the framework, we should follow them) ipa user-automember --update LOGIN will update group memberships for a specific user Now we need to differentiate --update and --reset --update should update group membership based on the existing filters, i.e. based on the automember plugin configuration only add missing memberships (if any) --reset should clean existing memberships and rebuild them based only the default groups + automember. It should pretty much mean "make group memberships as if the user was just added". Makes sense or I am missing something? -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
